ChiliProject 2.11.0 has just been released. This is a security release that fixes security issues in Rails (CVE-2013-1854, among other security advisories not relevant to ChiliProject).
This release contains no other bug fixes or new features and is released for users who are unable to upgrade to ChiliProject 3.8.0. It is suitable for use on production websites running ChiliProject 2.x. While the issue can only be exploited for DoS attacks, we urge all ChiliProject administrators to update their installation immediately.
What’s included
2.11.0 contains a security fix for Rails (CVE-2013-1854), which is handled by requiring an updated version of this dependency in ChiliProject. For details on the issues, please refer to the linked post on the Ruby on Rails security mailing list and the corresponding Rails 2.3.18 announcement on the Ruby on Rails blog.
The corresponding ChiliProject bug is:
- Security – Bug #1252: Update Rails to 2.3.18
How to upgrade
Please follow the Upgrade Guide in our Wiki. Make sure to run bundle update during the upgrade procedure to install the new version of Rails. If you omit this step, you will receive an error message instructing you to update the bundle and ChiliProject will refuse to start.